CVSS: 10.0EPSS: 1%CPEs: 11EXPL: 0CVE-2015-4485 – Mozilla: Buffer overflows on Libvpx when decoding WebM video (MFSA 2015-89)
https://notcve.org/view.php?id=CVE-2015-4485
Heap-based buffer overflow in the resize_context_buffers function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via malformed WebM video data. Desbordamiento del buffer basado en memoria dinámica en la función resize_context_buffers en libvpx en Mozilla Firefox en versiones anteriores a 40.0 y Firefox ESR 38.x en versiones anteriores a 38.2, permite a atacantes remotos ejecutar código arbitrario a través de datos de vídeo WebM malformados. • http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 1%CPEs: 11EXPL: 0CVE-2015-4486 – Mozilla: Buffer overflows on Libvpx when decoding WebM video (MFSA 2015-89)
https://notcve.org/view.php?id=CVE-2015-4486
The decrease_ref_count function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via malformed WebM video data. Vulnerabilidad en la función decrease_ref_count en libvpx en Mozilla Firefox en versiones anteriores a 40.0 y Firefox ESR 38.x en versiones anteriores a 38.2, permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (lectura fuera de rango) a través de datos de vídeo WebM malformados. • http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 2%CPEs: 11EXPL: 0CVE-2015-4493 – Mozilla: Overflow issues in libstagefright (MFSA 2015-83)
https://notcve.org/view.php?id=CVE-2015-4493
Heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via an invalid size field in an esds chunk in MPEG-4 video data, a related issue to CVE-2015-1539. Desbordamiento de buffer basado en memoria dinámica en la función stagefright::ESDS::parseESDescriptor en libstagefright en Mozilla Firefox en versiones anteriores a 40.0 y Firefox ESR 38.x en versiones anteriores a 38.2 permite a atacantes remotos ejecutar código arbitrario a través de un campo de tamaño no válido en un fragmento esds en los datos de vídeo MPEG-4, un caso relacionado con CVE-2015-1539. • http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html http://rhn.redhat.com/errata/RHSA-2015-1586.html http://www.debian.org/security/2015/dsa-3333 http://www.mozilla.org/security/announce/2015/mfsa2015-83.html http://www.oracle.com/technetwork/topics/security/bull • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 1%CPEs: 12EXPL: 0CVE-2015-4473 – Mozilla: Miscellaneous memory safety hazards (rv:38.2) (MFSA 2015-79)
https://notcve.org/view.php?id=CVE-2015-4473
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox en versiones anteriores a 40.0 y Firefox ESR 38.x en versiones anteriores a 38.2, permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 4%CPEs: 6EXPL: 0CVE-2015-4474
https://notcve.org/view.php?id=CVE-2015-4474
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox en versiones anteriores a 40.0, permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html http://www.mozilla.org/security/announce/2015/mfsa2015-79.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098. •